From c9c6301e15354135789dfad4f878e4704aeebb71 Mon Sep 17 00:00:00 2001
From: Maciej Maciejewski
Date: Fri, 1 Mar 2024 19:26:52 +0000
Subject: [PATCH] Fix issue with acees policy and add secrets
---
 ....yml => module-keyvault-access-policy.yml} | 2 +-
 .github/workflows/module-keyvault-secrets.yml | 26 +++++++++++++++++++
 .../keyvault-access-policy/main.bicep | 6 ++---
 3 files changed, 30 insertions(+), 4 deletions(-)
 rename .github/workflows/{module-keyvault-accesspolicy.yml => module-keyvault-access-policy.yml} (85%)
 create mode 100644 .github/workflows/module-keyvault-secrets.yml
diff --git a/.github/workflows/module-keyvault-accesspolicy.yml b/.github/workflows/module-keyvault-access-policy.yml
similarity index 85%
rename from .github/workflows/module-keyvault-accesspolicy.yml
rename to .github/workflows/module-keyvault-access-policy.yml
index 12f032d..d0e93da 100644
--- a/.github/workflows/module-keyvault-accesspolicy.yml
+++ b/.github/workflows/module-keyvault-access-policy.yml
@@ -22,5 +22,5 @@ jobs:
 module_name: keyvault
 module_file_path: modules/security/keyvault-access-policy/main.bicep
 module_metadata_file_path: modules/security/keyvault-access-policy/metadata.json
- module_parameters: keyVaultName=test-keyvault tags={'env':'dev'} location=uksouth objectId=1
+ module_parameters: keyVaultName=test-keyvault objectId=1
 secrets: inherit
diff --git a/.github/workflows/module-keyvault-secrets.yml b/.github/workflows/module-keyvault-secrets.yml
new file mode 100644
index 0000000..485cf5b
--- /dev/null
+++ b/.github/workflows/module-keyvault-secrets.yml
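Review bot: The rewritten `module_parameters` line still passes `objectId=1`, which is not an Entra object id (those are GUIDs), so the access-policy deployment this workflow drives will presumably be rejected by Azure before the module is really exercised; the commit only drops `tags` and `location`. If the shared template deploys the module for real, take the test identity's object id from a repository secret or variable instead, which the job can already reach via `secrets: inherit`, e.g. `module_parameters: keyVaultName=test-keyvault objectId=${{ secrets.TEST_OBJECT_ID }}` (the secret name is a placeholder). The `template-module.yml` this job calls is outside the patch, so whether it validates or deploys cannot be confirmed here.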
@@ -0,0 +1,26 @@
+name: module-keyvault-secrets
+concurrency:
+ group: ${{ github.workflow }}
+
+on:
+ workflow_dispatch:
+ push:
+ branches:
+ - main
+ paths:
+ - "modules/security/keyvault-secrets/**"
+
+permissions:
+ id-token: write
+ contents: read
+
+jobs:
+ call-shared-workflow:
+ name: Run
+ uses: ./.github/workflows/template-module.yml
+ with:
+ module_name: keyvault
+ module_file_path: modules/security/keyvault-secrets/main.bicep
+ module_metadata_file_path: modules/security/keyvault-secrets/metadata.json
+ module_parameters: keyVaultName=test-keyvault tags={'env':'dev'} location=uksouth secretName=my-secret-name secretValue=my-secret-value
+ secrets: inherit
diff --git a/modules/security/keyvault-access-policy/main.bicep b/modules/security/keyvault-access-policy/main.bicep
index 16a5ab3..6524ae6 100644
--- a/modules/security/keyvault-access-policy/main.bicep
+++ b/modules/security/keyvault-access-policy/main.bicep
@@ -5,9 +5,6 @@ metadata owner = 'MM'
 @description('Required. Name of Key Vault.')
 param keyVaultName string
-@description('Required. Name of Key Vault Access Policy.')
-param policyName string = 'add'
-
 @description('Required. Object Id of a user, service principal or security group')
 param objectId string
@@ -23,6 +20,9 @@ param keyPermissions array = []
 @description('Optional. Specify the permissions to certificates. Valid values are: all, backup, create, delete, deleteissuers, get, getissuers, import, list, listissuers, managecontacts, manageissuers, purge, recover, restore, setissuers, update')
 param certificatPermissions array = []
+@description('Oprional. Name of Key Vault Access Policy.')
+param policyName string = 'add'
+
 resource keyvault 'Microsoft.KeyVault/vaults@2023-07-01' existing = {
 name: keyVaultName
 }
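Review bot: `module_parameters` in the new workflow embeds `secretValue=my-secret-value` as a plaintext literal in a `with:` input, so the value is committed to the repository and will appear in the job's recorded inputs and, unless the shared template masks it, in the deployment command line and logs. Even for a throwaway test value this sets the pattern for the module's real use; take it from a GitHub secret, which the job already receives through `secrets: inherit`, e.g. `secretValue=${{ secrets.TEST_SECRET_VALUE }}` (placeholder name), and make sure the `secretValue` parameter in the bicep module is declared `@secure()` — the module itself is not in this patch, so that cannot be confirmed here. Separately, `module_name: keyvault` is the same value the access-policy workflow uses while the file paths point at `keyvault-secrets`; if the template derives the deployment name from it, the two workflows may overwrite each other's deployments, so `module_name: keyvault-secrets` looks intended.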
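Review bot: The re-added `policyName` parameter in the second bicep hunk is now documented as optional but still accepts any string, while the `Microsoft.KeyVault/vaults/accessPolicies` child resource only accepts the names `add`, `replace` and `remove`; an `@allowed(['add', 'replace', 'remove'])` decorator above the `param` line would turn a typo into a compile-time error instead of a failed deployment. The description also carries a typo and should read `@description('Optional. Name of Key Vault Access Policy.')`. The resource that consumes `policyName` lies below this hunk, so the rest of the file is not visible here.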